Introduction

Your privacy is important to us and this Privacy Statement (“Statement”) is intended to provide a clear and accurate overview of the practices and approach to handling personal information by Thomson Reuters and its worldwide affiliated companies and subsidiaries. This Statement applies to any Thomson Reuters website, application, product, software and service (collectively, our “Services”) that link to this Statement. Occasionally, additional or different information about our privacy practices will be communicated via separate privacy statements, notices, terms of use and other notifications. If you do not agree to our privacy practices, you should not use our Services.

Please read this Statement carefully and contact us if you have any questions about our privacy practices and your choices. For any other questions, please refer to the “Contact Us” options within the applicable Services. It is important that you check back often for updates to this Statement. If we make changes we consider to be material, we will let you know by placing a note on the relevant Services and or contact you using other methods such as email. This statement was last updated on June 1, 2016.

Personal Information

Thomson Reuters collects, uses, discloses, transfers and stores personal and other information in conjunction with the Services. For example, when you register for our Services or order products via our websites and apps, we ask you to provide certain personal information such as your name, address, phone number, email address and payment card information. We may use certain information you provide to offer you products and Services that we believe may be of interest to you. If you contact us for customer support, we may ask you to provide information about your computer or mobile device and about the issues you are trying to resolve. This information is necessary to help us answer your questions. Not all of the personal information Thomson Reuters holds about you will always come directly from you. It may come from your employer or organization, institutions or associations to which you belong, our partners and other third parties, or publically available sources. We share personal information with others only as described in this Statement, or when we believe in good faith that the law permits or requires it.

Types of personal information we collect from you

When you use our Services, register for or attend an event, webinar, conference, training or the like, you may supply us with some of your personal information such as your name, email address or other information.

Our Services include interactive communities and collaboration tools and you may choose to share your personal information, preferences, all or portions of a social media profile or work product while interacting with us and other users and for discussion and peer review purposes.

Occasionally, you may be asked to provide us with information that may be considered sensitive personal information. For example, when you purchase something from us or subscribe to our Services we will collect payment information such as financial or bank card information and other information necessary for us to process the transaction.

Some of our Services will request your precise geo location (physical location) in order for the Service to function properly.

Other ways we collect personal information

We may receive personal information from an organization an individual is associated with (e.g., academic institution or employer), another client, a trade show or conference, professional networking groups, or other third parties.

Some of our collaboration tools allow individuals to upload their own information as outlined above in addition to information about other individuals for peer review purposes, collaboration and networking, including in online discussion forums and chat rooms.

Information about individuals may come from publicly available sources such as:

Personal information published by government departments and their agencies. These can include public registers, court records, directories and databases.

Hosted Solutions: some of our Services allow customers to store personal information and occasionally, sensitive personal information, in our systems. For example, our Tax and Accounting and Law Firm practice management solutions provide data storage as an integral part of the Service offering. Any information stored by or on behalf of customers is generally managed by and only accessible by those customers except under limited circumstances such as customer requested technical support.

Other third parties: we partner with reputable third party data vendors that provide personal information we then include in certain Services such as World-Check and Westlaw Public Records. Services that include this type of data may have separate Privacy Statements and Terms of Use.

How we use personal information

Customer Service and Account Administration: We use personal information to manage Services in relation to your subscriptions and registrations including setting up and administering your user account, providing invoices, delivering renewal notices and changes to service, handling inquiries and complaints, sending product and software updates, security notices and alerts and changes to terms of use and other policies. In addition, we use personal information to provide technical support and customer service to users.

Content Delivery and Personalization: We use personal information to deliver tailored content such as news, research, reports and business and other information.

Sales, Marketing and Advertising: We use personal information to send you marketing communications across various platforms such as email, telephone, text messaging and/or direct mail. We also market and advertise online, in applications and via social media platforms. We maintain preference centers for you to manage your marketing preferences and you can opt out of targeted advertising where available.

Trainings, Seminars, Conferences and Events: We use personal information to send you information about training sessions, seminars, conferences or events we think may be of interest to you. In addition, we use information you provide when registering for a conference or event and information you choose to include in your event profile to personalize your experience, make recommendations to connect with others and suggest relevant content.

Surveys, Polls, Competitions and Promotions: If you choose to participate in a survey, poll, competition or promotion, any personal information you provide may be used for administration, marketing or market research purposes.

Gaming: Sometimes we produce or partner with others to produce online games or gaming apps. These online games/gaming apps will collect personal information from players which may be shared with other players or third parties and may be subject to their own Terms of Use.

Financial markets where we have databases of public and private company executives and directors, global shares ownership data, key decision makers for investment banking.

As part of our governance, risk and compliance offerings, we provide information to organizations that use it for risk management.

Personal information about individuals is also contained in our news and public records content.

Legal Obligations: We may be required to use and, where required, retain personal information for legal and compliance reasons such as the prevention, detection or investigation of a crime, loss prevention or fraud. We also use personal information to meet our internal and external audit requirements such as tax and accounting or information security purposes.

Research and Product Development: We use personal information for research and product development purposes, such as improving and testing the features and functions of our Services. We also use this information to gather insight and useful business information in order to deliver more effective marketing and to provide better customer service and support.

Recordings of Training, Webinars, Conferences and Similar Events: We occasionally record training sessions, webinars and conferences, by taking videos or simply recording audio for future downloads podcasts or other delivery.

Telephone recordings: We may record telephone calls where permitted by law for helpdesk support, customer service and sales support, for example.

How and when we share personal information

There are a number of internal and external parties Thomson Reuters needs to share personal information with as part of our everyday business processes. If and when we share your information, we do so in accordance with data privacy and security requirements. Below are some examples of the parties with whom we may share data and why.

Within Thomson Reuters: We share personal information across Thomson Reuters according to business needs. Our businesses are supported by a variety of internal teams and functions. Your personal information will be made available to these support functions for delivery of Services, sales and marketing, customer and technical support, or administration, for instance.

Affiliates and Business Partners: We have a network of global affiliates and business partners with whom we may share personal information for legitimate business purposes. For instance, sometimes we partner with another organization to deliver a shared product or Service or host an event, conference or seminar. As part of these arrangements, you may be a customer of both Thomson Reuters and our partner or affiliate.

Third Party Service Providers: We partner with and are supported by many reputable suppliers across the world to which we may outsource some of our business operations or which provide certain Services. Personal information will be made available to these parties to fulfill the services they provide to us such as content, software, system and platform services and support, direct marketing services, data analytics and order fulfillment and delivery. These third party service providers are required to follow our data privacy and security requirements and are not permitted to use personal information made available to them by us for any other purpose.

Legal/other reasons: We will share personal information when in good faith we believe it is required such as:

To comply with applicable legal obligations and respond to requests from government agencies including law enforcement and other public authorities.

In the event of a Thomson Reuters merger, sale, restructure or acquisition, we will be required to disclose personal information to the relevant third parties involved.

To protect our rights, users, systems and Services.

Where we store and process personal information

Thomson Reuters is a global business with networks, databases, servers, systems, support and helpdesks located throughout our offices around the globe. We collaborate with third parties including suppliers, affiliates and partners located around the world to serve the needs of our business, workforce and clients. We take appropriate steps to ensure that personal information is processed, secured and transferred according to applicable law. By using our Services or providing us with your information, you consent to personal information transfers outside of your home country. If you would like to know more about our practices, please feel free to contact our Privacy Office (contact information provided below).

How we keep personal information secure

Thomson Reuters takes privacy and security seriously and we use appropriate technologies and procedures to protect personal information. For example:

We have measures in place to protect against accidental loss and unauthorized access, use, destruction or disclosure.

We place appropriate restrictions on access to personal information.

We implement appropriate measures and controls, including monitoring and physical measures, to store data securely. Our employees, contractors and suppliers who handle data on our behalf are required to operate in accordance with our security procedures and/or recognized industry standards and in accordance with any applicable contractual conditions.

How long we keep personal information

Thomson Reuters has a Records Management team which works in conjunction with the Privacy Office to implement appropriate rules and schedules relating to the retention of personal information. We retain personal information for as long as we reasonably require it for legal or business purposes. In determining data retention periods, Thomson Reuters takes into consideration local laws, contractual obligations and the expectations and requirements of its clients. When we no longer need personal information, we securely delete or destroy it.

Your right to access, correct and delete your personal information

Thomson Reuters respects your rights under applicable data privacy laws and recognizes our duty to help you exercise those rights.

If you request access to your personal information, we will gladly comply, subject to any relevant statutory requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We may be required to delete references to other people or their information to protect their privacy. In some jurisdictions, you have the right to correct or amend your personal information which is inaccurate or requires updating. You also have the right to request deletion of your information however, this may not always be possible due to legal requirements and other factors.

In most instances, you can manage your information via your user account and our email preference centers. Please use the “Contact Us” option in the relevant Service for more details.

Please note: Where it is the responsibility of Thomson Reuters to do so, we will maintain appropriate data quality standards and practices. Where we rely on external third parties as sources of data, we take steps to ensure that these are reputable partners and sources with effective data quality practices.

Other Information We Collect

In addition to the types of information described above, Thomson Reuters collects and uses other types of information to help us operate, manage and protect our Services and content, analyze usage patterns, troubleshoot and improve the Services and user experience by suggesting relevant content and advertising. For example, when you use our Services we track information about your usage and store that information in web server logs, which are records of the activities on our sites and in our apps. Our servers automatically capture and save much of this information electronically.

Types of information we collect include:

Unique Internet Protocol address

The city, state, and country from which users access our Services

The kind of browser, operating system including version number, computer or device used

The number and types of links and buttons clicked within the site or app

The date and time of visits

The web page from which users arrive to our site and/or other web pages they visit

Certain searches and queries that users conduct via our website(s) or in apps

A unique identifier we assign to a device (or a unique identifier already associated with a device), a UDID, MAC address, IFA or similar identifiers

Technical facts about network access and device

Language preferences

Pages visited and content viewed, stored or purchased

Information users enter or store in an app

We may occasionally share non-personal, anonymized, statistical and research data with third parties.

Cookies and Similar Technologies

Thomson Reuters and our third party service providers set cookies and use similar technologies to store and manage user preferences, deliver targeted advertising, enable content and gather analytic data, for example. The use of cookies and similar tracking technologies is very common across websites and apps. More information about how we use cookies and similar technologies and how you can control and manage them is below.

What is a cookie? A cookie is a small text file that is placed on a computer or other device and is used to identify the user or device and to collect information.

Types of cookies and similar technologies

There are several different types of cookies and similar technologies:

Cookies:

Session cookies: A session cookie lasts for as long as your browsing session lasts. The moment you close your browser, the session cookie expires.

Persistent cookies: A persistent cookie lasts longer than your browsing session and will remain on your device until you delete it. These can be used for sharing content and for social media, for example.

Security cookies: Security cookies are used to provide secure data transmission across connections. They can be used to prevent fraudulent use and interception of a user’s account details, credit card information and personal information that is inputted into a form and then sent across a web connection.

Local Shared Objects/Flash cookies: Flash cookies are also known as local shared objects and are designed to support browser content supported by Adobe Flash. They are usually used to enable ads and video content on websites. Like other cookies, they will store information on your device, some of which will be specific to the Flash enabled content. To manage or block Flash cookies, go to http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html.

Web beacons: Our web pages may contain electronic images known as web beacons (also called single-pixel gifs and transparent graphic images) that we use to help deliver cookies on our sites, count users who have visited those sites and deliver services. We may also include web beacons in our promotional email messages or newsletters to determine whether an email is opened and if links are clicked.

Analytics: Our Services use web beacons and similar technologies to help us compile information about our Services and the effectiveness of our promotional campaigns and other operations. These technologies enable the analytics providers to set or read their own cookies or other identifiers on your device, through which they can collect information about your online activities across applications, websites or other services. Please note that we do not permit our third party analytics providers to collect or access personal information for any purpose other than to provide services to Thomson Reuters. You can opt out of analytics collection or use as available in the Services.

How we use cookies and similar technologies

Customization and user preferences: We use cookies to identify you when you visit the site, store your user id and customize the site according to the preferences you set.

Web server logs: Cookies can also be used to capture web server log data, IP addresses, browser and device information, device operating system, web browsing activity within the Services, content and pages viewed, clicked links, URLs visited before and after you use our Services.

Essential functions and features: Cookies enable certain features and functions and enable smooth navigation across our sites during online transactions and purchases. These cookies are often referred to as essential or strictly necessary cookies -e. without them, certain content, functions and features would fail to work and we might not be able to deliver a requested service.

Trends, patterns and analytics: We use cookies and similar technologies for example, to monitor trends and patterns, collect high level (non-precise) location information, analyze users’ activity across our Services and for sales, marketing and product quality, development and enhancement purposes.

E-mail: We include web beacons for example, in some of our promotional email messages and newsletters to determine whether you open or take other actions. Please remember that you can unsubscribe from email marketing by visiting the applicable Service’s email preference center, using the embedded unsubscribe link within an e-mail or by using the “Contact Us” option for that Service.

By accessing and using our Services, you consent to the storage of cookies, other local storage technologies, beacons and other information on your devices. You also consent to the access of such cookies, local storage technologies, beacons and information by us and our third party service providers.

Examples of Cookies we use

Below is a non-exhaustive list of our most commonly used cookies and how we use them. Depending upon the site visited, all or some of these cookies may be used:

Provider

Cookie name

Purpose

PHP (tax.thomsonreuters.com)

PHPSESSID

The PHPSESSID cookie is native to PHP and enables websites to store serialized state data. On the Action website it is used to establish a user session and to pass state data via a temporary cookie, which is commonly referred to as a session cookie. As the PHPSESSID cookie has no timed expiry, it disappears when the client is closed.

BIG-IP® local traffic management system

BIGipServerTAXTRCOM-80

Generated by the F5 and enables session persistence for the load balancer. The BIG-IP system tracks and stores session data, such as the specific pool member that serviced a client request. The primary reason for tracking and storing session data is to ensure that client requests are directed to the same pool member throughout the life of a session or during subsequent sessions.

LinkedIn

_bizo_np_stats

_bizo_cksm

_bizo_bzid

Targeted advertising cookies from LinkedIn.

Google Analytics

__qca

_ga

_gat_UA-49136336-18

_dc_gtm_UA-2491998-20

_gat_UA-49136336-17

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the site from and the pages they visited.

JS (tax.thomsonreuters.com)

cookies.js

Set to 1/true if the users browser supports cookie

Hotjar
(HotJar.com)

_hjUserId

This cookie is set as soon as a user loads a page which contains the Hotjar code. The cookie contains a universally unique identifier (UUID) which allows Hotjar to track the same visitor across multiple pages and sessions.

cs_thomsonreuters_com_astate_prod

stores the user's first name from the CS site so we can display "Hi John" in the site header regardless of whether the user signed in from tax.thomsonretuers.com or cs.thomsonreuters.com

tax_thomsonreuters_com_astate_prod

stores the user's first name from OnePass so we can display "Hi John" in the site header regardless of whether the user signed in from tax.thomsonretuers.com or cs.thomsonreuters.com

cs_thomsonreuters_com_firm_info_prod

- stores the firm number for professional firms. It is created when a user signs into the CS site. This lets us know which firm the user belongs to when the user is on the tax site. Many of the "contact us" pages are now on the tax site and this cookie lets us add the firm number to the information that the user enters on the "contact us" form which helps Customer Service find their information.

Managing cookies

You can manage cookies in your browser settings. You always have the choice to change these settings by accepting, rejecting or deleting cookies. If you choose to change your settings, you may find that certain functions and features will not work on the website you visit. All browser settings are slightly different so to manage cookies, you should refer to the relevant settings within your browser. Flash cookies can only be deleted within Adobe Flash rather than via your browser. Please refer to the following help page for information on how to manage your privacy settings and deletion of cookies: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html

We understand that you may want to know more about cookies. Here are some useful resources which provide detailed information about types of cookies and similar technologies, how they are used and how you can manage your cookie preferences: www.aboutcookies.org or www.allaboutcookies.org.

Interest Based Advertising (IBA)

IBA allows Thomson Reuters to deliver targeted advertising to visitors of our sites and users of our apps. IBA works by showing you advertisements which are based on the type of content you accessed or read, and delivering advertisements which we believe may be of interest to you. For example, as you browse our sites, one of the cookies placed on your computer will be an advertising cookie so we can better understand what sort of pages you are interested in. The information collected about your device enables us to group you with other devices which have shown similar interests. We can then display advertising to you which is based on these interests. For instance, if you have been reading Tax and Accounting articles we may decide to show you advertisements about Tax and Accounting Services. Please note that none of the IBA techniques we use require us to collect or use personally identifiable information like your name, email address, address or telephone number.

Ad retargeting is another form of IBA which enables us and some of our advertising partners to show you ads based on your online and app activity away from our sites and Services. For example, if you have visited the website of an online clothing store, you may start seeing ads from that same shopping site displaying special offers or showing you the products that you were browsing. This allows companies to advertise to visitors who are interested in their content after they leave the company’s website.

We may also share interest based ad data with other websites or ad servers. This may mean that when you visit other websites you are served advertising based on your behavior across our sites and, on our sites you may be served advertising based on your behavior across other sites.

If you want to opt-out of receiving interest based advertising, it does not mean that you will no longer receive advertising when you are using our websites and apps. It just means that the advertising you see will not be customized or relevant to you. Where available, you can manage your advertising profile by clicking on the relevant advertising choices icon or tab. For more information about IBA, please visit: http://www.iab.net/public_policy/behavioral-advertisingprinciples.

Do Not Track

Some browsers transmit Do Not Track (DNT) signals to websites. Due to the lack of a common interpretation of DNT signals throughout the industry, Thomson Reuters does not currently alter, change, or respond to DNT requests or signals from these browsers. We will continue to monitor industry activity in this area and reassess our DNT practices as necessary.

Connecting Via Social Networks

Some of our Services may include social networking features, such as the Facebook “Like” button and widgets, “Share” buttons and interactive mini-programs. Additionally, you may choose to use your own social networking logins from, for example, Facebook or LinkedIn, as login credentials to some of our Services. If you choose to connect with a social networking service, we may receive and store authentication information from that service to enable you to log in, as well as other information that you may choose to share when you connect with these services. These services may collect information such as your web pages visited and IP address, and may set cookies to enable features to function properly. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third party services you use or access.

Links to Third Parties

Thomson Reuters Services may contain links to other apps, services, tools and websites that are not affiliated with, controlled or managed by us. The privacy practices of these third parties will be governed by those companies’ Privacy Statements. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third party services you use or access.

Children’s Privacy

Thomson Reuters provides information solutions for professionals and our Services are generally not aimed at children. If however, we collect and use information about children, for example to develop an educational resource, we will comply with any relevant standards, industry guidelines and applicable laws.

Contact Us

We understand that you may have questions or concerns about this Statement or our privacy practices. Please contact us in one of the following ways:

Thomson Reuters Privacy Office:

Privacy.enquiries@thomsonreuters.com

Communication Preferences and Services support:

To update your information and email marketing preferences, or for help with your Services, please visit the email preference center or use the “Contact Us” option for the relevant Service.